Apple iOS und iPadOS 16.1 veröffentlicht

Apple hat das neue iOS und iPadOS 16.1 veröffentlicht. Das neue iOS wurde parallel zum macOS 13 Ventura veröffentlicht.

iOS 16.1 Feature

diese Geräte erhalten das iPadOS 16

• iPad Pro 12.9 (5. Generation)
• iPad Pro 11 (3. Generation)
• iPad Pro 12.9 (4. Generation)
• iPad Pro 11 (2. Generation)
• iPad Pro 12.9 (3. Generation)
• iPad Pro 11 (1. Generation)
• iPad Pro 12.9 (2. Generation)
• iPad Pro 12.9 (1. Generation)
• iPad Pro 10.5 
• iPad Pro 9.7
• iPad (9. Generation)
• iPad (8. Generation)
• iPad (7. Generation)
• iPad (6. Generation)
• iPad (5. Generation)
• iPad mini (6. Generation)
• iPad mini (5. Generation)
• iPad Air (4. Generation)
• iPad Air (3. Generation)

Geteilte iCloud-Fotomediathek

• Eine separate Mediathek zum nahtlosen Teilen von Fotos und Videos mit bis zu fünf anderen Personen.
• Dank der Konfigurationsregeln kannst du problemlos frühere Fotos ab einem bestimmten Datum oder mit bestimmten Personen hinzufügen, wenn du eine Mediathek einrichtest oder ihr beitrittst.
• Mit Mediathekfiltern kannst du im Handumdrehen die Ansichten wechseln und nur die geteilte Mediathek, deine persönliche Mediathek oder beide Mediatheken gleichzeitig anzeigen lassen.
• Dank geteilter Änderungen und Zugriffsrechte können alle Personen Fotos hinzufügen, bearbeiten, als Favoriten markieren, mit Untertiteln versehen und löschen.
• Anhand der Option zum Teilen in der App „Kamera“ hast du die Wahl, aufgenommene Fotos direkt zur geteilten Mediathek hinzuzufügen. Alternativ kannst du in den Einstellungen auswählen, Aufnahmen automatisch zu teilen, wenn andere Teilnehmende in der Nähe erkannt wurden und Bluetooth verwenden.

Live-Aktivitäten

• Live-Aktivitäten von Drittanbieter-Apps sind in der Dynamic Island und auf dem Sperrbildschirm für iPhone 14 Pro-Modelle verfügbar.

Fitness+

• Apple Fitness+ wird auf dem iPhone unterstützt, auch wenn du keine Apple Watch besitzt.

Wallet

• Die Option zum Teilen von Schlüsseln ermöglicht es dir, Auto-, Hotelzimmer- und andere Schlüssel sicher in Wallet über Nachrichten-Apps wie „Nachrichten“ und „WhatsApp“ zu teilen.

Home

• Matter, der neue Verbindungsstandard für Smarthomes, wird unterstützt und ermöglicht es, eine breite Auswahl an Smarthome-Geräten über Ökosysteme hinweg zu kombinieren.

Bücher

• Die Reader-Steuerung wird automatisch ausgeblendet, sobald du anfängst zu lesen.

Außerdem werden in diesem Update folgende Fehler auf dem iPhone behoben:

• Gelöschte Konversationen werden möglicherweise in der Konversationsliste in „Nachrichten“ angezeigt.
• Inhalte in der Dynamic Island sind im Einhandmodus eventuell nicht verfügbar.
• CarPlay kann unter Umständen keine Verbindung herstellen, wenn eine VPN-App verwendet wird.

Features: Informationen zu iOS 16-Updates – Apple Support (DE)

Apple iOS 16.1 Security Notes

AppleMobileFileIntegrity

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed by removing additional entitlements.

CVE-2022-42825: Mickey Jin (@patch1t)

AVEVideoEncoder

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved bounds checks.

CVE-2022-32940: ABC Research s.r.o.

CFNetwork

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation.

CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)

Core Bluetooth

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to record audio using a pair of connected AirPods
Description: This issue was addressed with improved entitlements.

CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes)

GPU Drivers

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.

CVE-2022-32947: Asahi Lina (@LinaAsahi)

IOHIDFamily

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may cause unexpected app termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.

CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs

IOKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.

CVE-2022-42806: Tingting Yin of Tsinghua University

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.

CVE-2022-32924: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42808: Zweig of Kunlun Lab

Kernel

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-42827: an anonymous researcher

ppp

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.

CVE-2022-42829: an anonymous researcher

ppp

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.

CVE-2022-42830: an anonymous researcher

ppp

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.

CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher

Sandbox

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox restrictions.

CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake

Shortcuts

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: A shortcut may be able to check the existence of an arbitrary path on the file system
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.

WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs

WebKit

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A logic issue was addressed with improved state management.

WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University

WebKit PDF

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative

Quelle: Security: https://support.apple.com/en-us/HT201222